Symptoms

DNS zones are not synchronized with the secondary NS node(s).

The following warnings are displayed on the DNS node:

[root@ns1 ~]# service named status
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
named (pid  22696) is running...

Tasks that update named (such as DNS zone updates) may fail and show the same output.

Cause

The RNDC key is configured incorrectly.

These messages are only warnings, but they mask the real errors that cause the DNS tasks to fail.

Resolution

  1. Check permissions for /etc/rndc.key and /var/named/chroot/etc/rndc.key (the key file must not be readable by other users):

    [root@server ~]# ls -la /etc/rndc.key
    lrwxrwxrwx 1 root root 32 Oct  2 14:11 /etc/rndc.key -> /var/named/chroot/etc/rndc.key
    [root@server ~]# ls -la /var/named/chroot/etc/rndc.key
    -rw-r----- 1 root named 97 Oct  2 14:11 /var/named/chroot/etc/rndc.key
    
  2. Make sure that the key name (here "rndc-key") referenced in /etc/named.conf and in /etc/rndc.conf is the same in both configuration files:

    [root@server ~]# cat /etc/rndc.conf | grep rndc.key
    include "/etc/rndc.key";
            default-key "rndc-key";
    [root@server ~]# cat /etc/named.conf | grep rndc.key
    include "/etc/rndc.key";
            allow { 127.0.0.1; } keys { "rndc-key"; };
    
  3. If the key is defined explicitly in a configuration file (instead of being pulled in through "include"), for example:

    key "rndc-key" {
            algorithm hmac-md5;
            secret "HfWnMPHYeYEjIKbv060myhayHEWVLg3JzCTvH4Ln5qg=";
    };
    

    make sure that the algorithm and secret values of that key are identical in both /etc/rndc.conf and /etc/named.conf.
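The three checks above can be automated. The script below is an added example, not part of this article or of the named/rndc tooling: it resolves "include" lines one level deep, extracts the algorithm and secret of the named key from each configuration file, reports whether they agree (without echoing the secret), and verifies that the key file is not readable by "other". The file paths, key name and secret values in the demonstration fixture are constructed for the example; on a live system you would point the functions at /etc/named.conf, /etc/rndc.conf and /etc/rndc.key instead.

```shell
#!/bin/sh
# Added example (not the article's own tooling): consistency checks for the rndc key.

# extract_key FILE KEYNAME -> prints "algorithm secret" for the key stanza
# found in FILE or in any file FILE includes (one level deep).
extract_key() {
    ek_file=$1; ek_name=$2
    {
        cat "$ek_file"
        sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$ek_file" |
        while read -r inc; do
            if [ -r "$inc" ]; then cat "$inc"; fi
        done
    } | awk -v key="$ek_name" '
        $1 == "key" && $2 == "\"" key "\"" { inside = 1; next }
        inside && $1 == "algorithm" { alg = $2; sub(/;$/, "", alg) }
        inside && $1 == "secret"    { sec = $2; gsub(/[";]/, "", sec) }
        inside && $1 == "};"        { inside = 0 }
        END { if (alg != "" && sec != "") print alg, sec }
    '
}

# check_rndc_key NAMED_CONF RNDC_CONF KEYNAME -> 0 if both files resolve the
# key to the same algorithm and secret, 1 otherwise (secret is never printed).
check_rndc_key() {
    a=$(extract_key "$1" "$3")
    b=$(extract_key "$2" "$3")
    if [ -z "$a" ]; then echo "key \"$3\" not found via $1"; return 1; fi
    if [ -z "$b" ]; then echo "key \"$3\" not found via $2"; return 1; fi
    a_alg=${a%% *}; a_sec=${a#* }
    b_alg=${b%% *}; b_sec=${b#* }
    if [ "$a_alg" != "$b_alg" ]; then
        echo "MISMATCH: algorithm differs ($a_alg in $1, $b_alg in $2)"; return 1
    fi
    if [ "$a_sec" != "$b_sec" ]; then
        echo "MISMATCH: secret differs between $1 and $2 (values not shown)"; return 1
    fi
    echo "OK: \"$3\" resolves to the same algorithm and secret in both files"
}

# check_key_perms FILE -> 0 if FILE (symlinks followed) grants no bits to "other".
check_key_perms() {
    others=$(ls -lL "$1" | cut -c8-10)
    if [ "$others" != "---" ]; then
        echo "WARN: $1 is accessible by other users (mode $(ls -lL "$1" | cut -c1-10))"
        return 1
    fi
    echo "OK: $1 is not readable by other users"
}

# make_fixture DIR good|bad -> writes constructed named.conf, rndc.conf and
# rndc.key into DIR; "bad" gives rndc.conf an explicit stanza with a different secret.
make_fixture() {
    good='c2FtcGxlLXNlY3JldC1mb3ItZGVtbw=='      # constructed placeholder, not a real key
    if [ "$2" = bad ]; then rndc_secret='ZGlmZmVyZW50LXNlY3JldC1mb3ItZGVtbw=='; else rndc_secret=$good; fi
    cat > "$1/rndc.key" <<EOF
key "rndc-key" {
        algorithm hmac-md5;
        secret "$good";
};
EOF
    chmod 640 "$1/rndc.key"
    cat > "$1/named.conf" <<EOF
include "$1/rndc.key";
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF
    cat > "$1/rndc.conf" <<EOF
key "rndc-key" {
        algorithm hmac-md5;
        secret "$rndc_secret";
};
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
EOF
}

# Demonstration on a constructed "bad" fixture in a temporary directory.
demo_dir=$(mktemp -d)
make_fixture "$demo_dir" bad
check_key_perms "$demo_dir/rndc.key"
check_rndc_key "$demo_dir/named.conf" "$demo_dir/rndc.conf" rndc-key || true
rm -rf "$demo_dir"
# On a live server: check_rndc_key /etc/named.conf /etc/rndc.conf rndc-key
```

The secret is deliberately compared but never printed, so the script can be run and its output pasted into a ticket without leaking the key.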
